with this post I want to publish my own master thesis which I finished on February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.

[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]

The thesis mainly consists the following chapters:

Introduction to the IPv6 Specification: This is simply an overview of the IPv6 protocol itself without any deep statements about security. (Anyone who is already familiar with IPv6 can completely skip this chapter.)

IPv6 Security Vulnerabilities: In this chapter I explain many (hopefully almost all) security weaknesses that arise with IPv6. I give a theoretic overview and show the tools with which theses vulnerabilities can be exploited (mainly THC-IPv6). Along with many listings I provide deep information about how these tools work. I list some “Firewalls’s Best Practices” and finally present a big table in which all attacks and tools are summarized.

IPv6 Security Laboratory & Tests: To test several firewalls against IPv6 security issues I built an independent laboratory which is presented in this chapter. I also list the used IPv6 security attacks and present the results of the tested firewalls.

Maybe some security specialists find this thesis to be useful. If so, please leave a comment. ;)